Wednesday, April 27, 2011

The Adobe Flash plugin for browsers uses a so called LSOs, or local shared objects, for storing user preferences, such as the preferred sound volume when visiting YouTube. Flash LSOs can also be used as a unique identifier to track user’s activity on the web, which is why some people refer them as “Flash cookies”.

Unlike traditional browser cookies, most internet users are unaware of Flash cookies. The trouble lies in the fact that these are not controlled through the browser’s cookie privacy settings. So even if you have deleted your browser's cookies, you have actually not as it is still possible to track and identify you and even rebuild the uniquely identifiable cookie – the one you deleted - from the Flash cookie. And some websites have been doing this.

Early this year, Adobe set up a webpage that gave users the ability to manage Flash cookies. To clear Flash cookies the user needs to visit the page and from there they can set various parameters for Global Privacy Settings, view list of websites stored, assign permission to use local storage, microphone etc. Actually, no one ever did that, or even knew they could and even should.

Now, developers at Adobe have worked with their counterparts at Mozilla and Google on a programming interface that allows LSOs to be deleted from within the settings panel of compliant browsers. The API, known as NPAPI ClearSiteData, which Adobe has implemented in Flash Player 10.3, has made it possible to delete Flash LSOs directly from the browser itself.